Multiplicative complexity is the minimum number of AND gates required to implement a given Boolean function in (AND, XOR) algebra. It is a good measure of the hardware complexity of an S-box, but an S-box cannot have too low a multiplicative complexity, because of security constraints. In this article we focus on generic constructions that can be used to find good n × n S-boxes with low multiplicative complexity. We tested these constructions in the specific case n = 8. We were able to find 8 × 8 S-boxes with multiplicative complexity at most 16 (which is half of the known bound on the multiplicative complexity of the AES S-box), while providing reasonable resistance against linear and differential cryptanalysis.
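The trade-off stated above (AND-gate count versus resistance to differential and linear cryptanalysis) can be made concrete on a small scale. The following is an added example, not code from the paper: it evaluates an S-box given as an (AND, XOR) gate list, counts its AND gates (an upper bound on the multiplicative complexity, since a cheaper circuit may exist), and computes the two standard resistance measures, differential uniformity and linearity. The 4-bit circuit, a chain of three "Toffoli" gates of the form x_k ^= x_i & x_j (each such gate is a bijection on the state, so the composition is automatically an S-box), is a constructed example chosen for this illustration; the PRESENT S-box is included only as a published point of comparison.

```python
"""Added example: S-box from an (AND, XOR) circuit and its cryptanalytic profile.

Multiplicative complexity is the minimum number of AND gates over all
(AND, XOR) circuits computing the function; the AND count of one concrete
circuit is only an upper bound on it.
"""

# Gate encoding (this example's own convention):
#   ("and", k, i, j)  means  x_k ^= x_i & x_j   (one AND gate, a Toffoli gate)
#   ("xor", k, i)     means  x_k ^= x_i         (free in the AND-count model)
# Constructed 4-bit circuit: three Toffoli gates, no plain XOR gates.
TOFFOLI_CIRCUIT = [
    ("and", 3, 0, 1),
    ("and", 0, 2, 3),
    ("and", 1, 0, 3),
]

# Published PRESENT S-box (Bogdanov et al., CHES 2007), for comparison only.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def and_gate_count(circuit):
    """AND gates in the circuit: an upper bound on multiplicative complexity."""
    return sum(1 for g in circuit if g[0] == "and")


def run_circuit(circuit, n, v):
    """Evaluate the gate list on the n-bit value v (bit i of v is x_i)."""
    x = [(v >> i) & 1 for i in range(n)]
    for g in circuit:
        if g[0] == "and":
            _, k, i, j = g
            x[k] ^= x[i] & x[j]
        else:
            _, k, i = g
            x[k] ^= x[i]
    return sum(b << i for i, b in enumerate(x))


def circuit_to_sbox(circuit, n):
    """Lookup table of the n-bit function computed by the circuit."""
    return [run_circuit(circuit, n, v) for v in range(1 << n)]


def parity(v):
    """Parity of the bits of v (i.e. the inner product over GF(2))."""
    return bin(v).count("1") & 1


def differential_uniformity(sbox):
    """Largest entry of the difference distribution table (nonzero input diff).

    Lower is better; a differential trail through the S-box holds with
    probability at most differential_uniformity / len(sbox).
    """
    size = len(sbox)
    best = 0
    for a in range(1, size):
        counts = {}
        for x in range(size):
            d = sbox[x] ^ sbox[x ^ a]
            counts[d] = counts.get(d, 0) + 1
        best = max(best, max(counts.values()))
    return best


def linearity(sbox):
    """max over nonzero masks a, b of |sum_x (-1)^(a.x xor b.S(x))|.

    Lower is better; 2^n means some output combination b.S(x) is affine,
    which a linear attack exploits with probability 1.
    """
    size = len(sbox)
    best = 0
    for a in range(1, size):
        for b in range(1, size):
            s = sum(-1 if parity(a & x) ^ parity(b & sbox[x]) else 1
                    for x in range(size))
            best = max(best, abs(s))
    return best


if __name__ == "__main__":
    s = circuit_to_sbox(TOFFOLI_CIRCUIT, 4)
    print("S-box:", [hex(v) for v in s], "bijective:", sorted(s) == list(range(16)))
    print("AND gates (upper bound on MC):", and_gate_count(TOFFOLI_CIRCUIT))
    print("differential uniformity:", differential_uniformity(s),
          "linearity:", linearity(s))
    print("PRESENT: DU", differential_uniformity(PRESENT_SBOX),
          "linearity", linearity(PRESENT_SBOX))
```

Running it shows the security constraint in miniature: the three-gate circuit is a bijection that costs only three AND gates, but it never modifies x_2, so the output combination b = 0b0100 is the linear function x_2 and the linearity reaches the maximum value 16, while the differential uniformity is 8 out of 16. The PRESENT S-box, by contrast, reaches the optimal 4-bit values (differential uniformity 4, linearity 8). The same two functions apply unchanged to an 8 × 8 table, which is how candidates from a construction like the one in the paper would be screened.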